National: Time’s running out if Congress wants to boost 2020 election security | Joseph Marks/The Washington Post

If Congress wants to deliver more money for states to secure the 2020 election against hackers, it had better get moving. That’s the message from Vermont’s top election official, Jim Condos (D), who ends his term as president of the National Association of Secretaries of State this week. There are just about six months left during which states could responsibly spend a big infusion of federal money aimed at protecting the 2020 contest, Condos told me. If Congress approves new funding after that, most of it won’t be spent until the next federal election cycle, he said. The warning comes as intelligence officials are cautioning that Russia and other U.S. adveraries are likely to try to interfere in the 2020 election in a repeat of the Russian hacking and disinformation operation that upended the 2016 contest. “It takes time to plan, to do assessments. We all have procurement rules we have to follow … and we want to be responsible stewards of congressional money,” Condos told me by phone from the National Association of Secretaries of States’s summer conference in Santa Fe, N.M. The prospects of Congress delivering new money in that timeframe don’t look good.

National: Hacking, Glitches, Disinformation: Why Experts Are Worried About the 2020 Census | Chris Hamby/The New York Times

In the run-up to the 2020 census, the government has embraced technology as never before, hoping to halt the ballooning cost of the decennial head count. For the first time, households will have the option of responding online, and field workers going door to door will be equipped with smartphones to log the information they collect. To make it all work, the Census Bureau needed more computing power and digital storage space, so it turned to cloud technology provided by Amazon Web Services. What the bureau didn’t realize — until an audit last year — was that there was an unsecured door to sensitive data left open. Access credentials for an account with virtually unlimited privileges had been lost, potentially allowing a hacker to view, alter or delete information collected during recent field tests. The Census Bureau says that it has closed off this vulnerability and that no information was compromised. But the discovery of the problem highlights the myriad risks facing next year’s all-important head count.

National: US Cyber Command issues alert about hackers exploiting Outlook vulnerability | Catalin Cimpanu/ZDNet

US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in the October 2017 Patch Tuesday. The Outlook bug, discovered and detailed by security researchers from SensePost, allows a threat actor to escape from the Outlook sandbox and run malicious code on the underlying operating system. The bug was privately reported by SensePost researchers in the fall of 2017, but by 2018, it had been weaponized by an Iranian state-sponsored hacking group known as APT33 (or Elfin), primarily known for developing the Shamoon disk-wiping malware. At the time, in late December 2018, ATP33 hackers were deploying backdoors on web servers, which they were later using to push the CVE-2017-11774 exploit to users’ inboxes, so they can infect their systems with malware.

Editorials: Enact election-security reforms now | The Seattle Times

Last week’s Democratic debates were an important marker on the road to the 2020 election. They were also a reminder that time is quickly running out for Congress to enact legislation that will safeguard against foreign actors’ attempts to manipulate the results. There is ample evidence of Russian agents’ multipronged attempts to interfere in the 2016 presidential election. U.S. intelligence agencies warn that such interference continues with the FBI director calling it a “significant counterintelligence threat.” And in a recent Associated Press poll, more than half of Americans said there they were very concerned about foreign meddling in U.S. elections. Much of the blame for congressional inaction on this issue has been rightly laid at the feet of Senate Majority Leader Mitch McConnell, a Kentucky Republican who has refused to allow elections security bills to see the light of day. At the same time, Congress’ shotgun approach is not helping. Lawmakers must focus their attention on bipartisan solutions and stop wasting time on bills doomed to fail along party lines.

California: Lawmakers Consider Deepfake Ban for Election Integrity | Andrew Sheller/San Luis Obispo Tribune

California lawmakers, citing election integrity, are moving to ban the distribution of “deepfake” video or audio clips aimed at damaging political candidates, drawing condemnation from First Amendment supporters. The move comes as lawmakers fear that sophisticated doctored clips, such as one falsely portraying House Speaker Nancy Pelosi as slurring her words, could allow malicious parties to sabotage the election. Assembly Bill 730, sponsored by Assemblyman Marc Berman, D-Palo Alto, passed unanimously out of the Assembly and now is being considered by the Senate Committee on Elections and Constitutional Amendments. AB 730 specifically prohibits “a person committee or other entity from knowingly or recklessly distributing deceptive audio or visual media of a candidate with the intent to injure the candidate’s reputation or to deceive a voter into voting for or against the candidate within 60 days of an election at which a candidate for elective office will appear on the ballot,” according to that committee’s analysis of the bill.

Georgia: Server image mystery in Georgia election security case | Frank Bajak/Associated Press

The case of whether hackers may have tampered with elections in Georgia has taken another strange turn. Nearly two years ago, state lawyers in a closely watched election integrity lawsuit told the judge they intended to subpoena the FBI for the forensic image, or digital snapshot, the agency made of a crucial server before state election officials quietly wiped it clean. Election watchdogs want to examine the data to see if there might have been tampering, given that the server was left exposed by a gaping security hole for more than half a year. A new email obtained by The Associated Press says state officials never did issue the subpoena, even though the judge had ordered that evidence be preserved, including from the FBI. The FBI data is central to activists’ challenge to Georgia’s highly questioned, centrally administered elections system, which lacks an auditable paper trail and was run at the time by Gov. Brian Kemp, then Georgia’s secretary of state. The plaintiffs contend Kemp’s handling of the wiped server is the most glaring example of mismanagement that could be hiding evidence of vote tampering. They have been fighting for access to the state’s black-box voting systems and to individual voting machines, many of which they say have also been altered in violation of court order.

Nevada: New election laws impact Nevada voters | Terri Russell/KOLO

Imagine not having to meet various deadlines to register to vote in Nevada. Instead, during early voting or even on Election Day, you can register and vote all at the same time. ”And they are also going to be able to register to vote online from home during the early voting period and then go to the polling place and case a ballot,” says Wayne Thorley, Nevada Deputy Secretary of State for Elections. Same-day registration is just one of the many new laws Nevada’s Secretary of State must contend with before the presidential election in 2020. The office is working on ways to connect the same-day registration, probably online, confirm it and place it in the system along with the votes cast.

Canada: Northwest Territories to be 1st province or territory to use online voting in general election | Hilary Bird/CBC News

In a move to increase voter turnout, the Northwest Territories will soon become the first jurisdiction in Canada to use online voting in a provincial or territorial election. Polls will open on Oct. 1 to elect 19 members to the N.W.T. Legislative Assembly, but people can vote in advance polls as early as Sept. 6. Voters can use a new website called Electorhood to access the Simply Voting online system to cast their ballots. Using the site, eligible voters can vote online from Sept. 6 up until the end of election day on Oct. 1 as long as they’ve registered for the absentee ballot beforehand. “I know elections isn’t very sexy for a lot of people but they don’t realize that they have a Cadillac of a system,” said Nicole Latour, chief electoral officer of the N.W.T. Latour said she’s optimistic the new website and online voting system will encourage more young people to log on and cast their ballots.

Canada: Federal political parties receiving classified security briefings on potential campaign threats | Bill Curry and Janice Dickson/The Globe and Mail

Federal political parties are now receiving classified security briefings about potential foreign interference in the October election campaign, but Canadian intelligence officials say no specific threat has so far been identified. The private briefings for political parties by security officials are one element of a plan announced in January that included the creation of a Security and Intelligence Threats to Elections Task Force. The task force is chaired by the Communications Security Establishment (CSE), a signals intelligence agency, and includes the Canadian Security Intelligence Service, the RCMP and Global Affairs Canada. The briefings are limited to a handful of political party representatives who hold a valid Canadian government security clearance. The briefings occur in a secure facility and no documents can be removed from the briefing room. CSE has issued two reports warning that it is “very likely” that Canadian voters will encounter foreign cyber interference ahead of, and during, the 2019 general election. In a statement released Wednesday evening, CSE said that remains its position.

Estonia: IT minister convenes inaugural e-voting working group | ERR

Minister for Foreign Trade and Information Technology Kert Kingo (EKRE) is convening an e-voting working group for the first time on Thursday. Kingo says that the group’s main aim is to assess the effectiveness of Estonia’s e-voting system in the light of both cybersecurity concerns, and electoral regulations, ERR’s online news in Estonian reports. Tarvi Martens, one of the people behind the e-voting system, has said he regards the move as a political statement. Conservative People’s Party of Estonia (EKRE) members have in the past been critical of e-voting, principally on security issues. For instance, following the 2017 municipal elections, the party mounted an appeal to the Electoral Committee, questioning why the e-vote had gone ahead in October of that year, despite a recently-detected security risk that could have potentially affected up to quarter of a million Estonian ID cards.

Switzerland: Control-Alt-Delete? Swiss government puts the brakes on e-voting | James Walker/The Daily Swig

The Swiss Federal Council has suspended its plans to bring electronic voting (e-voting) into regular operation in Switzerland. Concerns surrounding the security and integrity of one online voting system were cited among the reasons for the U-turn. In December 2018, the Federal Council launched a consultation into proposed amendments to Switzerland’s Political Rights Act that would effectively make e-voting a third regular voting channel, alongside in-person and postal votes. This consultation is now over, and although a “clear majority” of the cantons and political parties were said to support the introduction of e-voting in principle, the Federal Council said it has decided to “provisionally forgo” the introduction into regular operation. “The political parties which support e-voting in principle consider that now is not the right time to take that step,” a statement reads. “The Federal Council has therefore decided not to proceed with the partial revision of the Political Rights Act at the present time.”